
Many programs won't open (HijackThis log attached)

Date: 2013-05-11

Source: Internet

As soon as I open them, a dialog pops up: "xxx has stopped working"
thanks
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:32:15, on 11/5/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes

D:\PPS.tv\PPStream\PPSProtect.exe

D:\PPS.tv\PPStream\PPSKernel.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\ProgramData\Search Protection\SearchProtection.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: 1924A188-E186-67A0-12BF-431D851E775D Class - {1924A188-E186-67A0-12BF-431D851E775D} - C:\Program Files (x86)\Baidu\{1924A188-E186-67A0-12BF-431D851E775D}\AddressBar.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)

O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.7.3496.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: continuetosuave - {D864E2A6-1661-C269-4005-247746746892} - C:\ProgramData\continuetosuave\5186dbcfdea50.dll (file missing)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Search-NeeWTab - {FDC2DAED-BC72-8D44-ACE7-7B90C6115531} - C:\ProgramData\Search-NeeWTab\5186dc21248fe.dll (file missing)

O3 - Toolbar: 啃仅驮捡戏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'Default user')

O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm

O8 - Extra context menu item: &妏蚚&捃泞狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm

O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm

O8 - Extra context menu item: Foxy ?? - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm

O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm

O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files (x86)\Foxy\Foxy.exe/search.htm

O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm

O8 - Extra context menu item: 传送至 OneNote(&N) - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: 妏蚚捃泞侪潠唳狟婥 - C:\Program Files (x86)\Thunder Network\MiniThunder\BHO\minixlgeturl.htm

O8 - Extra context menu item: 妏蚚捃泞侪潠唳狟婥窒蝈诿 - C:\Program Files (x86)\Thunder Network\MiniThunder\BHO\minixlgetAllurl.htm

O8 - Extra context menu item: 发送图像至蓝牙装置(B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: 发送页面至蓝牙装置(B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: 传送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: 传送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote 连结笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote 连结笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll

[ Last edited by samfufu on 2013-5-11 03:48 PM ]

Author: samfufu   Posted: 2013-05-11

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12030 bytes

Author: samfufu   Posted: 2013-05-11

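Step 1: Download and install Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam-download.php
  • Save mbam-setup.exe to the desktop
  • Run mbam-setup.exe to start the installation; choose English as the installation language
  • Click Next, tick I accept the agreement, then click Next again
  • Then click Next on every screen; there is no need to change any settings
  • Click Install and wait for the installation to finish
  • Click Finish to complete the installation, then run the update

Step 2: Use Malwarebytes' Anti-Malware

  • Tick Perform full scan, then click Scan
  • Click Scan again to start the scan
  • Wait for the scan to finish, click Show Results, then click Remove Selected to clean up
  • When the cleanup is done, a scan log will pop up; save the scan log to the desktop
  • Close Malwarebytes' Anti-Malware

Step 3: Download and run ComboFix

  • First disable all antivirus software, then download ComboFix to the desktop
  • Run ComboFix; ComboFix will show a pop-up window; click OK, then click Yes
  • ComboFix will run its scan; during this time do not run other programs or click on the ComboFix window
  • When the scan is done, ComboFix may restart the computer, after which the ComboFix report will pop up automatically
  • The report is saved automatically to C:\ComboFix.txt

Step 4: Describe the situation and post the reports

  • Please briefly describe the state of your computer
  • Please upload the following reports to Sendspace

  • HijackThis
  • Malwarebytes' Anti-Malware
  • ComboFix

Author: anlth2010   Posted: 2013-05-13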

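Quote:
Originally posted by anlth2010 on 2013-5-13 11:28 PM
Step 1: Download and install Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam-download.php
Save mbam-setup.exe to the desktop. Run mbam-setup.exe to start the installation; during installation ...

At first, a lot of software wouldn't open, for example PPS, online games (but not all of them; some work and some don't, and the ones that don't make me close them as soon as they are opened, before they even start updating), Funshion (software similar to PPS), Skype, and games (again they fail as soon as they are opened, but again only some of them, not all). Then they pop up a window saying "xxx has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Then I followed those 3 steps. The first 2 steps were fine. Then, after ComboFix finished checking, it restarted the computer automatically and no programs would open, so I had to restart again. After that the programs could open again, but I couldn't get online. I checked and my machine did have a connection, but whenever I opened a web page it said it couldn't be accessed; I remember it was error: 137 xxxxxxx. Having no other option, I restored the computer to the state it was in before I did those steps, and only then could I get online again. The records are still there, though, and I have uploaded them to Sendspace.

LINK

Many thanks

[ Last edited by samfufu on 2013-5-14 04:54 AM ]

Author: samfufu   Posted: 2013-05-14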

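Step 1: Delete files

  • Download OTM to the desktop and run OTM
  • Copy the following text and paste it into the box under Paste Instructions for Items to be Moved:
    Quote:
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtection"=-
  • Click MoveIt!, then click OK, and restart the computer

Step 2: Describe the situation

  • Please briefly describe the state of your computer

Author: anlth2010   Posted: 2013-05-19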